OAuth Workflow

Using OAuth at a base level with the
GitShare
API for those new to OAuth.

OAuth Authentication

OAuth authentication is useful when you are writing a service that you want to make available to other GitShare users. OAuth allows you to register
your application with GitShare.
Once you register, you obtain a client access token that can be used to ask a
GitShare
user for access to their account.
Once access is granted, you can call the
GitShare
API on behalf of that user, to read and write their files or to perform any action that user can perform.
OAuth allows you to interact with someone else's account.

GitShare supports OAuth 1. We are working on adding OAuth 2, which is currently in draft form.

This is useful when...

you want to extend GitShare in some way.

you are building a service, and want your users to "bring their own storage" with them.

you want to give your users many storage platforms to choose between when importing or exporting data.

Not Using Our SDK

This article is written for users that are not using one of the current SDKs.
When using one of our SDKs, this correct fields and values should automatically be sent.
The SDK will also store tokens/secrets and includes those with calls to the API.

Send your user to the authorization url. The user will allow or dissallow your application. If allowed and you have specified
a callback url, the verifier will be sent to your application. If approved and you have not specified a callback url, the
verifier will be displayed on screen and the user will have to copy it and paste it into your application.

4. Get Access Token

Access Token URL: https://app.gitshare.io/oauth/access_token/

Request Field Name

Description

oauth_version

"1.0" We currently only support version 1.0

oauth_nonce

Generate a nonce. We support alpha-numeric charaters up 64 chars.

oauth_timestamp

timestamp

oauth_verifier

Verifier returned from step 3 above.

oauth_signature_method

"PLAINTEXT"

oauth_consumer_key

Client Token issued in step 1.

oauth_token

Request Token issued in response to step 2.

oauth_signature

CLIENT_SECRET&REQUEST_SECRETClient Secret issued in step 1 and Request Secret issued in response to step 2.
The easiest thing to miss here is the concatentation together with the &.

The response will either be a 403 status with the following text:
Could not verify OAuth request.

or a 200 status with
oauth_token_secret=ACCESS_SECRET&oauth_token=ACCESS_TOKEN
You will need to save the ACCESS_TOKEN and ACCESS_SECRET for future use.

5. Make Calls to the API

You can verify your calls to the api by passing OAuth credientials as an HTTP header or as request parameters.

Messages

Welcome Message NEW

Welcome to GitShare! We encourage you to explore and use the GitShare Platform to build something amazing. This is a free Beta version that will be available for an indefinite amount of time. Be proud you're an early adopter and taking advantage of a great opportunity to utilize this service for FREE! We'll contact you through here (messages) is we have more to say...